Temporary and disposable phone numbers have become a standard tool for anyone who wants to communicate without leaving an obvious trail. Apps like Burner, Hushed, TextNow, and Google Voice allow users to spin up a new number in minutes, use it briefly, and then abandon it.
In both civil litigation (especially commercial vehicle crash cases) and criminal defense, these numbers can conceal crucial communications: pressure from a dispatcher, coordination among co‑defendants, witness tampering, or undisclosed contacts. The challenge for attorneys is clear: how do you identify who is behind a temporary or disposable number, and do it in a way that will stand up in court?
The good news is that disposable numbers are not truly anonymous. They leave a layered trail through carriers, VoIP providers, app companies, and payment systems. With the right strategy, you can peel that onion, sometimes one subpoena at a time.
In a recent poll, we explored:
How can attorneys track or identify temporary and disposable phone numbers in litigation?
The options were:
- Subpoena app records
- Cross-reference metadata
- Engage digital forensics
- Analyze payment trails
In this article, we’ll explore each of these core strategies and highlight how they apply in both commercial vehicle crash litigation and criminal defense. We’ll also emphasize a critical step attorneys often overlook: using open‑source tools (like LocalCallingGuide.com and Whitepages.com) to identify the underlying phone company before issuing subpoenas.
1. Subpoena App Records (Starting with Open‑Source Research)
The most direct path to identifying a temporary phone number is through the app provider itself. But before you subpoena Burner, Hushed, or Google Voice, start with open‑source research to understand the chain of custody for that number.
Step 1: Open‑Source Lookup
Two especially useful resources:
- LocalCallingGuide.com
- Lets you look up a number’s NPA‑NXX (area code and prefix) to identify the company (e.g., Bandwidth.com, Level 3, Onvoy, etc.) to which the block of phone numbers was originally assigned.
- Helpful for traditional and VoIP lines.
- Whitepages.com (and similar reverse lookup tools)
- Can provide basic carrier information (e.g., “VoIP,” “Bandwidth.com,” “Level 3 Communications”).
- Usually shows the current phone company, even if the phone number was ported.
Why this matters:
Disposable number apps rarely own number blocks themselves. Instead, they obtain numbers from upstream providers like Bandwidth.com or other VoIP carriers. Understanding this chain helps you:
- Identify where to send your first subpoena (the carrier, not necessarily the app).
- Understand what data each entity in the chain will have.
- Prepare for a multi‑step subpoena process if needed.
Example:
A suspicious number repeatedly calls a commercial truck driver before a crash. A quick check on LocalCallingGuide shows the number is assigned to Bandwidth.com. That tells you:
- Your first subpoena goes to Bandwidth.com (the underlying carrier).
- You’ll likely need a second subpoena to the actual app provider (e.g., Burner) once Bandwidth identifies which customer/app account is using that number.
Step 2: Subpoena the Underlying Carrier, Then the App Company
Once you know the underlying carrier (e.g., Bandwidth.com), you can start a tiered subpoena process:
First Subpoena – The Phone Company / VoIP Carrier (e.g., Bandwidth.com)
Request:
- Subscriber/customer account that controls the number
- Dates the number was active
- Any available contact info for that customer (e.g., app company name, billing contact)
- Logs tying that number to a specific downstream service (e.g., “Assigned to Burner, LLC”)
- Call detail records for the number (if available)
The results of the subpoena will likely be another phone company. There may be several in line to get to the actual app company.
Second Subpoena – The App Company (e.g., Burner, Hushed, Google Voice, TextNow)
Once the carrier tells you which app company “owns” the number, send a second subpoena to that app provider for:
- Account holder info (name, email, phone)
- Date/time of account creation and number assignment
- Call/text logs (if available)
- Associated devices (device IDs, app installations).
- App store used to download the app (Apple App Store, Google Play)
- Payment method(s) used (credit card, PayPal, etc.)
- IP addresses used to establish and access the account
This “chain of subpoenas” is often necessary because:
- The end user never appears in the carrier’s records—only the app company does.
- The app company might not be obvious from the number alone.
Example – Commercial Vehicle Crash
You represent plaintiffs in a trucking collision. CDRs show a mystery number calling the driver multiple times on the day of the crash.
- Open‑source lookup shows the number is assigned to Bandwidth.com.
- Subpoena Bandwidth. They respond that the number is assigned to a customer identified as “Ad Hoc Labs, Inc. (Burner).”
- You subpoena Burner. Burner’s records show the account email belongs to the company dispatcher, with a payment card issued to the motor carrier.
- Logs show repeated pre‑crash calls between dispatcher and driver through the Burner number.
Now you have powerful evidence of off‑the‑books communications implicating negligent supervision, negligent dispatch, or pressure to drive while fatigued.
Example – Criminal Defense
You defend a client accused of sexual conduct with a minor. The minor “victim” provides text messages purported to be from the defendant admitting guilt. Defendant says it is not his number.
- You obtain the number from discovery and run open‑source checks—discover it’s Bandwidth.com.
- After subpoenas to Bandwidth and then to the app provider, Hushed. Hushed records show the “victim’s” IP address and email tied to the account, and access logs placing usage far from your client’s location at key times.
- This supports your defense theory that the number was not your client’s, undercutting the prosecution’s narrative and discrediting the “victim.”
2. Cross‑Reference Metadata: Patterns Tell Stories
Even before you fully unmask the user behind a disposable number, metadata from call detail records can reveal a lot:
- Who it called (and who called it)
- When and how often
- How long conversations lasted
- Where the devices were (via cell tower data, if available)
How to use metadata effectively:
- Obtain CDRs for your client and key parties.
- Identify calls to/from unknown numbers, especially near the time of the crash, alleged offense, or key transactions.
- Build a timeline of communications and overlay it with:
- Crash times
- ELD or telematics data (in trucking cases)
- Surveillance or dash cam timestamps
- Police reports, 911 calls, or bodycam footage
In Civil / Commercial Vehicle Cases:
Repeated calls from a disposable number to a driver at critical times can suggest:
- Unrecorded directions from dispatch
- Pressure to violate hours‑of‑service rules
- Collusion to underreport fatigue or prior incidents
Example:
A truck driver testifies they were not in contact with their dispatcher during the hour before a crash. But CDRs show calls from an unknown number to the driver’s phone at 1:47 PM, 2:03 PM, and 2:15 PM (crash at 2:16 PM). Metadata shows calls lasted 6, 14, and 8 minutes, substantive conversations, not accidental dials. This directly contradicts the driver’s testimony and suggests active coordination or pressure.
In Criminal Defense:
Metadata can:
- Show your client never received calls from the alleged burner number
- Demonstrate that calls occurred at times your client was in custody or provably elsewhere
- Reveal that the so‑called “burner” was actually part of a larger communication web involving other actors
Example:
Prosecutors claim your client coordinated a crime via burner phone. CDR metadata shows the burner number made calls from a cell tower near the defendant’s office but your client’s phone was connected to towers across town at those exact times. This creates reasonable doubt about your client’s involvement.
3. Engage Digital Forensics: Look Inside the Device
When you have access to a device (via consent, warrant, or court order), digital forensic experts can often uncover evidence of:
- Temporary number apps installed (even if uninstalled later)
- App usage logs and account data
- Deleted messages or call logs tied to app‑based phone numbers
- Device identifiers matching app account records produced by providers
- IPs, times, and settings that align with carrier/app logs
- Cached data from temporary number apps
- Backup files containing app data
Why this matters:
For plaintiffs in civil cases: Shows a driver or dispatcher deliberately used anonymous numbers to hide coordination. Forensic evidence of app installation, usage patterns, and deleted messages can prove intent and knowledge.
For criminal defense: May prove that the relevant accounts were accessed from a different phone entirely. This can be exculpatory and shift the investigation toward the actual user.
Proper forensics also ensures:
- Chain of custody is preserved
- Data is collected in a way that is admissible and explainable to a jury
Example – Commercial Vehicle Crash
Plaintiffs suspect the defendant motor carrier used a burner phone to pressure drivers. Forensic imaging of the dispatcher’s phone reveals:
- Burner app installed and active during the relevant period
- Deleted messages showing pressure to exceed hours of service
- Device identifiers matching the Burner account records obtained via subpoena
This forensic evidence, combined with app records and metadata, creates an airtight case of negligent supervision.
Example – Criminal Defense
Prosecutors allege your client used a burner phone to coordinate a crime. Forensic imaging of your client’s phone shows:
- No evidence of the burner app being installed
- No evidence of the app in deleted files or system logs
- Your client’s phone was powered off during the time the burner made key calls
This forensic evidence directly contradicts the prosecution’s theory and supports your defense.
4. Analyze Payment Trails: Follow the Money
Disposable number apps are often monetized through subscriptions or in‑app purchases. Payment data can be one of the most conclusive links between a person and a supposedly anonymous number.
What to seek:
- Credit card or bank accounts used to pay for the app or number
- Billing addresses and zip codes
- Transaction dates and times
- PayPal or similar wallet accounts
- Multiple numbers purchased with the same payment method
- Subscription renewal patterns
How to access payment records:
- Subpoena the app provider (Burner, Hushed, etc.) for payment information tied to the account.
- Subpoena the payment processor (PayPal, Stripe, Square, etc.) for transaction records.
- Obtain financial records from the suspected user through discovery (credit card statements, bank records).
- Cross-reference payment dates with case timelines.
Civil Example – Trucking Case:
Burner account records show a subscription paid with the company’s corporate credit card, used to communicate with multiple drivers over several months. This supports:
- Corporate knowledge and involvement (not just a “rogue” employee)
- Systematic, intentional use of hidden communications
- Potential punitive damages (showing deliberate concealment)
Criminal Defense Example:
Prosecutors claim your client used a burner number. Payment records show the subscription tied to a card belonging to a different person, with a billing address your client never used. Combined with other evidence (forensics showing the app wasn’t on your client’s phone, metadata placing your client elsewhere), this can raise reasonable doubt about your client’s involvement.
Why It’s Effective:
Payment trails are difficult to dispute. They create a direct link between a financial identity and a temporary number, and they’re often admissible as business records from the payment processor or credit card company.
Tips for Attorneys: Mastering Temporary Number Investigations
1. Start with Open‑Source Tools
- Use LocalCallingGuide.com and Whitepages.com immediately to identify the carrier or VoIP provider.
- This often tells you where the first subpoena needs to go (e.g., Bandwidth.com).
- Screenshot and preserve your open‑source findings—they may be useful in court to explain your investigative methodology.
2. Expect Multiple Subpoenas
- Plan for at least two levels:
- Carrier / CLEC (e.g., Bandwidth.com)
- App provider (Burner, Hushed, TextNow, Google Voice, etc.)
- Build time into your case strategy for this “stepping‑stone” process.
- Be prepared for carriers or app companies to claim they don’t have certain data. Follow up with targeted follow‑up subpoenas.
3. Move Quickly
- App companies and carriers have retention limits. Temporary numbers and their logs may be purged after a relatively short period (6 months).
- Issue preservation letters immediately upon discovering a suspicious number.
- Follow with formal subpoenas as soon as possible.
4. Be Precise and Proportional
- Narrow your subpoenas to:
- Specific phone numbers
- Key date ranges
- Data categories you truly need (subscriber info, IPs, payments, logs)
- This reduces privacy objections and increases the odds the court will enforce your requests.
- Courts appreciate proportional discovery focused on case-relevant information.
5. Integrate Civil and Criminal Perspectives
- In commercial vehicle crash litigation, think in terms of:
- Negligent supervision / negligent dispatch
- Pressure to drive while fatigued
- Off‑book communications affecting liability and punitive damages
- In criminal defense, focus on:
- Misattribution of numbers to your client
- Alternative explanations for communication patterns
- Proving other actors controlled the “burner.”
6. Use Forensic Experts
- Have an expert:
- Explain open‑source lookups and carrier relationships
- Interpret CDRs, cell‑site data, and app logs
- Help craft clear, jury‑friendly visuals and timelines
- Testify about app installation, deletion, and recovery
7. Document Everything
- Track:
- All lookups (screenshots of LocalCallingGuide / Whitepages results)
- Every subpoena and response
- Chain of custody for device imaging and data handling
- Preservation letters and dates sent
- This documentation helps withstand challenges on authenticity and spoliation.
8. Educate Clients on Preservation
- Advise clients that if they discover a temporary number used against them, they should:
- Preserve all communications with that number
- Document the date and time of discovery
- Not attempt to contact or investigate the number themselves
- Report it to counsel immediately
Conclusion: Disposable Numbers, Durable Evidence
Temporary and disposable phone numbers are designed to
obscure identity, but with a methodical approach they can become some of the
most probative evidence in your case.
By combining:
- Open‑source
research (LocalCallingGuide, Whitepages) to identify carriers like
Bandwidth.com,
- A multi‑step
subpoena strategy to move from carrier → app provider → end user,
- Careful
metadata analysis of call patterns and timelines,
- Targeted
digital forensics on devices, and
- Follow‑the‑money
payment trail investigations,
you can often connect a disposable number to a real person
and a real role in the events at issue.
For civil litigators in commercial vehicle crash
cases, this can reveal hidden dispatcher pressure, off‑the‑books coordination,
or third‑party involvement that expands liability and strengthens your client’s
claims.
For criminal defense attorneys, the same tools can
show that a burner number wasn’t your client’s at all, or that its activity
doesn’t match the prosecution’s theory—creating reasonable doubt where the
state thought it had certainty.
Temporary numbers are not the dead ends they appear to be.
With the right mix of open‑source intelligence, subpoenas, forensics, and
financial tracing, you can turn them from tools of concealment into powerful,
admissible evidence that advances your client’s case.
If you have any questions, or would like help drafting
effective preservation letters and subpoenas, contact me at ben@braveinvestigations.com.